Problem

A user reported their GPG setup showing strange errors asking them to "Please insert card with serial number..." and root caused it to scdaemon paths changing after a brew upgrade. This change should make it more clear in future scenarios that GPG Tap Notifier configuration is incorrect.

Process execution failure information is currently logged to stderr and the macOS unified logging system, but it'd be more helpful to surface this visually.

Changes

A modal alert now appears if scdaemon failed to execute. This will now appear alongside the "Please insert card with serial number..." error from GPG itself.

Followups

It'd also be helpful to show status indicators in the GPG Tap Notifier configuration app when one of the selected paths are missing.

Problem

A user reported that the NSAlert animated from one monitor to another on a dual monitor setup. I was able to reproduce this by having my active window on the non-primary monitor and hitting "Test Notification".

https://user-images.githubusercontent.com/906558/181792536-e5ce29f4-8247-4cf0-a99e-22ad5efe1ad2.mov

Changes

Fixing the problem in 2 ways.

1. This problem appears unique to NSAlert instances tied to a zero width/height window. Setting the alert window to be 1px x 1px prevents the problem.
2. To prevent a permanent 1px x 1px window from persisting on the screen, we're no longer caching the window. It's mow recreated when the alert appears/disappears.

A teammate gave feedback that this application isn't "reminding" users as much as it puts a user interface to the act of confirming commit message signatures. I think that's right.

Updating default language accordingly. New text is:

A GPG signature has been requested. If you initiated this action, tap your YubiKey's metal contact to confirm.

Before

After

This switches the delivery mechanism default from Notification to Alert HUD and reduces the timeout from 1.0s to 0.5s.

|Before|Now| |-|-| |||

I believe this will provide a better out of the box experience for most users. I find that macOS notifications are generally meant for communication (e.g. email, Slack) rather than system utilities. The centered system alert better matches other macOS security prompts (e.g. Touch ID, sudo).

Followup to the "Test Notification" message introduced in https://github.com/palantir/gpg-tap-notifier-macos/pull/12. The test reminder now dismisses itself after 3 seconds.

If the agent needs to request permission to show notifications, that time is not included in the 3 second timeout.

Demo

https://user-images.githubusercontent.com/906558/177477813-f6198fb8-ed71-4fc3-8da3-fa06a462dd6c.mov

Before this change, the agent would request authorization to display notifications and send the initial tap reminder at the same time.

This results in a minor bug where the initial tap reminder would always fail to display.

The agent now properly waits for requestAuthorization() before presenting any notifications. If the smart card has not yet been tapped, the reminder will display after the user accepts notifications.

https://user-images.githubusercontent.com/906558/177049960-f4699f06-8631-439d-ade2-f198ace9833d.mov

Changes

Adding a new "Test Notification" button. If users haven't authorized notifications from the agent yet, clicking the test button will ask for permission.

Demo

https://user-images.githubusercontent.com/906558/177049660-a982a17a-115b-4d01-8b9d-fa09ba29bdac.mov

The agent's current behavior is to display multiple notifications at once if the present() method is called sequentially without an intermediate dismiss() call.

In theory this can happen if users GPG sign in different terminal tabs without acting on previous sign requests. In this case, only the latest notification would be cleared, which is a bug.

This change was prompted by a future commit refactoring present() to be an async method. The checkedContinuation API forced better handling of this scenario since a continuation discarded without resuming log a warning.

Redesigning the delivery mechanism chooser into something more similar to macOS's notification preferences selector. To prevent the config UI from becoming too vertically long, the various config settings are now grouped into a TabView.

Before

After

This PR implements a reminder mechanism driven by NSAlert.

Here's a video of the alert being shown and dismissed.

https://user-images.githubusercontent.com/906558/173206854-94fcfabe-62ca-4ba9-bf46-a852541724a8.mov

Switching between the 2 delivery mechanisms does not require a restart.

https://user-images.githubusercontent.com/906558/173206853-269f09f4-f4fd-4c49-8a2e-3c4a8c3b8891.mov

Adding a new --no-repeat-install flag to the installer.

❯ ./GPG\ Tap\ Notifier.app/Contents/Library/GPG\ Tap\ Notifier\ Installer enable --help
USAGE: main-command enable [--no-repeat-install]

OPTIONS:
  --no-repeat-install     Do not perform any actions if this command has already ran.
                          This avoids re-enabling the app on upgrades if users have
                          opened the GUI and disabled it.
  -h, --help              Show help information.

Testing

Quick smoke test to make sure this works as expected.

❯ ./GPG\ Tap\ Notifier.app/Contents/Library/GPG\ Tap\ Notifier\ Installer enable --no-repeat-install

❯ cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200
# --- Start of GPG Tap Notifier Modifications ---
# The lines in this section were automatically added by GPG Tap Notifier.app.
# Any manual edits in this section may be reset. This section can be safely
# deleted if you wish to uninstall the GPG Tap Notifier app.
scdaemon-program /Users/bcheng/Library/Developer/Xcode/DerivedData/GPG_Tap_Notifier-dlkqpxdmlxgdlhaihnrsropwcyzu/Build/Products/Debug/GPG Tap Notifier.app/Contents/Library/GPG Tap Notifier Agent.app/Contents/MacOS/GPG Tap Notifier Agent
# --- End of GPG Tap Notifier Modifications ---

❯ ./GPG\ Tap\ Notifier.app/Contents/Library/GPG\ Tap\ Notifier\ Installer disable

❯ ./GPG\ Tap\ Notifier.app/Contents/Library/GPG\ Tap\ Notifier\ Installer enable --no-repeat-install
Exiting with no modifications. This command has already ran successfully in the past.

❯ cat ~/.gnupg/gpg-agent.conf
default-cache-ttl 600
max-cache-ttl 7200

the whole flow is working, but i'm not receiving any notification. i tried both notification and alert-hud modes, and both work with the "test notification" button. but when the yubikey blinks, requesting the touch, i don't receive any notification.

• notifications enabled
• "do not disturb" disabled
• not sharing screen
• yubikey 5c nfc, firmware v5.4.3
• gnupg v2.3.8 (via homebrew)
• pinentry-mac v1.1.1 (via homebrew)
• macos v13.1 ventura
• no gpg-suite

# ~/.gnupg/gpg-agent.conf

pinentry-program /opt/homebrew/bin/pinentry-mac
log-file $HOME/.gnupg/gpg-agent.log
enable-ssh-support
debug-level basic
ttyname $GPG_TTY
# --- Start of GPG Tap Notifier Modifications ---
# The lines in this section were automatically added by GPG Tap Notifier.app.
# Any manual edits in this section may be reset. This section can be safely
# deleted if you wish to uninstall the GPG Tap Notifier app.
scdaemon-program /Applications/GPG Tap Notifier.app/Contents/Library/GPG Tap Notifier Agent.app/Contents/MacOS/GPG Tap Notifier Agent
# --- End of GPG Tap Notifier Modifications ---

excavator is a bot for automating changes across repositories.

Changes produced by the excavator/policy-bot-oss check.

To enable or disable this check, please contact the maintainers of Excavator.